[Sun Federation Manager] Error deploying a sample
Hi all,
I'm currently working on the Sun Java System Federation Manager and I'm simply trying to deploy a sample, as written in the readme file. The readme.txt says:
1. Update sp1Metadata.xml (available in <sample_xml_dir>)
The following assumptions are made in sp1Metadata.xml.
a. IDP1_PROTO is the protocol for IDP1, eg. http.
b. IDP1_HOST is the hostname for IDP1, eg. www.idp1.com.
c. IDP1_PORT is the port for IDP1, eg. 58080.
d. IDP1_DEPLOY_URI is the deploy URI for IDP1, eg. /federation.
e. SP1_SECURITY_KEY is the certificate alias for SP1.
f. IDP1_SECURITY_KEY is the certificate alias for IDP1.
Update above values in sp1Metadata.xml as per your deployment. SP1_SECURITY_KEY and IDP1_SECURITY_KEY are required only when you want to enable xml digital signature signing. If the keystore has not been configured yet, remove the iplanet-am-certificate-alias attribute value pair from the XML file.
2. Load sp1Metadata.xml using the following command.
<begin_dir>/bin/amadmin -i <war_dir> -u amadmin -w <amadmin password> -t <sample_xml_dir>/sp1Metadata.xml
First step : no problem :)
Second step : I get this error :
Error 9: Operation failed: Can't find ressource for bundle java.util.PropertyResourceBundle, key invalidconfigfile
java.util.MissingResourceException: Can't find ressource for bundle java.util.PropertyResourceBundle, key invalidconfigfile
and I didn't find why this error is thrown :( I'm working on a Windows XP SP2 station with NetBeans 5.5 RC2 + Enterprise Pack 5.5 Beta.
Thanks for the help
Best regards !
@++
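The readme's step 1 (fill in the placeholders, and drop the certificate alias pair when no keystore is configured), as an added Python example that is not part of the original post or of Federation Manager. The `AttributeValuePair` layout, the `example-endpoint-url` attribute, the sample snippet and the name `fill_metadata` are assumptions made for illustration.

```python
import re

# Placeholders listed in step 1 of the sample readme.
PLACEHOLDERS = ("IDP1_PROTO", "IDP1_HOST", "IDP1_PORT", "IDP1_DEPLOY_URI",
                "SP1_SECURITY_KEY", "IDP1_SECURITY_KEY")
SIGNING_KEYS = ("SP1_SECURITY_KEY", "IDP1_SECURITY_KEY")

# Assumed layout of the certificate-alias pair; adjust it to the real file.
CERT_ALIAS_PAIR = re.compile(
    r'[ \t]*<AttributeValuePair>\s*'
    r'<Attribute\s+name="iplanet-am-certificate-alias"\s*/>'
    r'.*?</AttributeValuePair>[ \t]*\n?',
    re.DOTALL)

# Constructed sample, not the real sp1Metadata.xml.
SAMPLE = """\
<AttributeValuePair>
  <Attribute name="example-endpoint-url"/>
  <Value>IDP1_PROTO://IDP1_HOST:IDP1_PORTIDP1_DEPLOY_URI/SOAPReceiver</Value>
</AttributeValuePair>
<AttributeValuePair>
  <Attribute name="iplanet-am-certificate-alias"/>
  <Value>SP1_SECURITY_KEY</Value>
</AttributeValuePair>
"""


def fill_metadata(template, values):
    """Return (xml, leftovers): the filled template and any placeholder
    names still present, which would make the loaded metadata invalid."""
    xml = template
    # Without both certificate aliases, signing is off: remove the pair.
    if not all(values.get(k) for k in SIGNING_KEYS):
        xml = CERT_ALIAS_PAIR.sub("", xml)
    # Plain replace: placeholders may sit directly next to each other.
    for name in PLACEHOLDERS:
        if values.get(name):
            xml = xml.replace(name, values[name])
    leftovers = [p for p in PLACEHOLDERS if p in xml]
    return xml, leftovers


if __name__ == "__main__":
    filled, missing = fill_metadata(SAMPLE, {
        "IDP1_PROTO": "http", "IDP1_HOST": "www.idp1.com",
        "IDP1_PORT": "58080", "IDP1_DEPLOY_URI": "/federation"})
    print(filled)
    print("unreplaced placeholders:", missing)
```

Load the file with amadmin only once the leftover list is empty.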
# 1
re,
I found the problem : I was not taking the xml file into the right directory (%install%\fm\war_staging\web-src\samples\liberty\sso) ! :)
Now I still get another error :
Error 9: Operation failed: null
java.lang.NullPointerException
at java.lang.String.<init> (String.java:479)
at com.sun.identity.security.AdminPasswordAction.run(AdminPasswordAction.java:86)
at java.security.AccessController.doPrivileged(Native method)
at ..
Thanks for the help !
@++
# 2
Hi,
I have been trying to install Federation Manager 7 in Sun App Server (latest) but I am getting issues when I deploy the war file.
Error loading deployment descriptors for module [federation] -- \FMWAR_DTD_DIR\sun-web-app_2_3-0.dtd
I am using Windows XP SP2.
Can you explain the installation steps elaborately? (For example, using fmsetup and fmwar.)
Also, please explain how to use NetBeans to configure the SAML SSO examples.
Thanks in advance
# 3
Hi,
Here is the response: http://forum.sun.com/jive/thread.jspa?threadID=109593&tstart=0 ! I mean your install is not correct... if the federation.war is not created after running fmsetup, then something is wrong in your fmsilent-template!
If you need to uninstall Federation Manager, you must use regedit and delete the key 'FederationManager' at HKEY_LOCAL_MACHINE\SOFTWARE\Sun Microsystems :)
Best regards
@++
# 4
We are deploying the sample/liberty/sso in Access Manager. But we are stuck as we don't have the amadmin batch file like in Federation Manager.
<begin_dir>/bin/amadmin -i <war_dir> -u amadmin -w <amadmin password> -t <sample_xml_dir>/sp1Metadata.xml
So we are not able to execute this command.
Can you furnish details on how I can use the FM samples in AM?
Best Regards
Message was edited by:
sar_an
# 5
Hi,
Yes, as I said, you don't have the amadmin tool, so you must go to http://localhost:8080/amserver/console, log in with amadmin (pass by default: admin123) and then configure the federation!
It's really simple, but it takes a little bit of time:
- on IDP side :
1) create the authentication domain (circle of trust)
2) create a new entity (no space or special chars, because it seems to bug) for the IDP (for example "theIdentityProvider")
3) set it as Hosted Identity Provider (ComboBox on the top-right)
4) set the urls asked (it should be the Single Sign On address). The url is http://www.idp.com:8080/amserver/SingleSignOnService/metaAlias/TheMetaAliasThatYouSetIntoTheConfigPage
5) on the next page, there are many other urls to set, but they are all the same:
http://www.idp.com:8080/amserver/SOAPReceiver/metaAlias/%MetaAlias% (%MetaAlias% is to replace with the meta alias you defined)
http://www.idp.com:8080/amserver/ProcessLogout/metaAlias/%MetaAlias%
http://www.idp.com:8080/amserver/ReturnLogout/metaAlias/%MetaAlias%
http://www.idp.com:8080/amserver/ProcessTermination/metaAlias/%MetaAlias%
http://www.idp.com:8080/amserver/ReturnTermination/metaAlias/%MetaAlias%
http://www.idp.com:8080/amserver/ProcessRegistration/metaAlias/%MetaAlias%
http://www.idp.com:8080/amserver/ReturnRegistration/metaAlias/%MetaAlias%
Remember to add the authentication domain into trusted domains :)
6) create a new entity => remote Provider
7) set the urls as point (5) adapted for the SP
8) back into the IDP, add the SP to be trusted
- on the SP side
Do the same steps as on the IDP side but invert the roles: Remote IDP and Hosted SP!
and all should work great :)
Best regards
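The URL pattern from the reply above, as an added Python example (not the poster's code and not part of Access Manager): it builds the endpoint list for one provider and checks URLs pasted into the entity pages for the slips this thread runs into. The function names are hypothetical, and the localhost check reflects a later reply saying federation does not work on localhost.

```python
from urllib.parse import urlsplit

# Service paths named in the reply; each URL ends in /metaAlias/<alias>.
SERVICES = ("SingleSignOnService", "SOAPReceiver",
            "ProcessLogout", "ReturnLogout",
            "ProcessTermination", "ReturnTermination",
            "ProcessRegistration", "ReturnRegistration")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def endpoint_urls(base, meta_alias):
    """Build every provider URL from a base such as
    http://www.idp.com:8080/amserver and the provider's meta alias."""
    base = base.rstrip("/")
    return {s: "%s/%s/metaAlias/%s" % (base, s, meta_alias) for s in SERVICES}


def check_endpoints(urls, meta_alias):
    """Return (url, reason) pairs for URLs that will not work as configured."""
    problems, hosts = [], set()
    for url in urls:
        parts = urlsplit(url)
        segs = [s for s in parts.path.split("/") if s]
        if any(c.isspace() for c in url):
            problems.append((url, "whitespace in URL"))
        if len(segs) < 3 or segs[-2] != "metaAlias" or segs[-3] not in SERVICES:
            problems.append((url, "not <base>/<service>/metaAlias/<alias>"))
        elif segs[-1] == "%MetaAlias%":
            problems.append((url, "placeholder not replaced"))
        elif segs[-1] != meta_alias:
            problems.append((url, "meta alias differs from hosted provider"))
        host = (parts.hostname or "").lower()
        hosts.add(host)
        if host in LOCAL_HOSTS:
            problems.append((url, "localhost host"))
    # All URLs of one provider should point at that provider's host.
    if len(hosts) > 1:
        problems.append(("*", "URLs point at different hosts"))
    return problems


if __name__ == "__main__":
    urls = endpoint_urls("http://www.idp.com:8080/amserver", "idp1")
    for service, url in urls.items():
        print(service, url)
    print(check_endpoints(urls.values(), "idp1"))
```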
# 6
Hi,
1) We've copied the war-staging directory, which was created during Federation setup, to the Access Manager folder. Will it work if I do this?
2) What are the URLs to be set in the Access Manager configuration, in the entities configuration?
3) And finally, do we have to mention %meta alias% in any of the config files?
thanks in advance.
# 7
Hi,
1) All the war-staging, it's a bad idea I mean... only the /sample folder should be sufficient. Just copy the files you need so you can access them at http://localhost:8080/amserver/samples/liberty/saml/ :)
2) It's for the internal communication between the access managers... you can personalize them if you know how to interact with them (I don't know how). I just took those URLs from the FM samples and copy-pasted them to AM => it works!
3) The meta alias is to be defined when you create the Hosted IDP/SP, so you can define what you want!
Best regards
# 8
Hi.
We did the configurations as per your instructions, but while doing the Hosted IDP/SP we were unable to add the trusted partners as these fields were empty.
We added the trusted partners under the SAML config but these were not reflected in the entities config.
Can you throw some light on where we are going wrong?
Thanks in advance!!
# 9
Hi,
mmmh I mean there is no error, but when you create the Hosted SP/IDP and there is nothing, continue the configuration, then configure the remote SP/IDP and come back to the Hosted SP/IDP and there should be the trusted partner :)
Best regards
@++
# 10
Hi,
We have done the configurations as you have mentioned. But whenever I try to hit the URL
http://localhost:8080/amserver/samples/liberty/sso/jsp/index.jsp
i get this
exception
javax.servlet.ServletException: AMSetupFilter.doFilter
root cause
org.apache.jasper.JasperException: java.lang.NullPointerException
root cause
java.lang.NullPointerException
I had put the samples folder into the extracted amserver.war and then again created a new amserver.war and deployed the updated war with the changes in the idp1metadata.xml and sp1metadata.xml as per the instructions in the readme.
Am I missing some configs, since it throws a null pointer exception?
Also, can you throw some light on what I can put as
a) Providers url: *** (should this be the SP's url in case of IDP?)
b) Providers alias: *** (is this the meta alias that we define and use in all the other urls you mentioned?)
Thanks in advance
# 11
Hi,
I had the problem but I do not remember the cause... But for trying the Liberty SSO with AM7.1, simply edit index.html into the docroot directory on the SP, rename it index.jsp and set the following code :
<%@page import="com.iplanet.sso.*" %>
<%
    // Try to get a valid SSO token from the current request.
    SSOToken loggedToken = null;
    try
    {
        SSOTokenManager m = SSOTokenManager.getInstance();
        SSOToken t = m.createSSOToken(request);
        if (t != null && m.isValidToken(t)) loggedToken = t;
    }
    catch (SSOException e)
    {
        out.println("Error : "+e.getMessage());
    }
    if (loggedToken != null)
    {
        // A valid token exists: show who is logged in.
%>
You are logged as <%= loggedToken.getPrincipal() %>
<%
    }
    else
    {
        // No valid token: offer a link to the SP's preLogin service.
        String metaAlias = null; // set here the meta alias you defined for the SP
        String urlLogin = "http://localhost:8080/amserver/preLogin?metaAlias="+metaAlias;
%>
<a href="<%= urlLogin %>">Log in</a>
<%
    }
%>
This sample code works with a local login or idp login. Now for the federation testing you cannot stay on the localhost !!! There will be a problem assuming the url => you must reconfigure your AM !
For doing that, begin by creating the DNS lookup for your servers. Personally, I use the Windows hosts file to manually create the DNS. Then go to C:\Documents & Settings\currentUser and delete the AccessManager folder. After that, access the amserver by typing the url of the amserver: http://www.theNameDefinedIntoTheDNS.com:8080/amserver and reconfigure your amserver. Afterwards you must reconfigure your authentication domains & entities...
Follow the same steps for the IDP side with another url of course :) Then use the URL of the SP & IDP into the configuration instead of "localhost" or it won't work.
Best regards
@++
# 12
I am now working on the deployment of Sun ONE Access Manager. I have deployed it as a single war in the application server. But I am not able to see the Access Manager console, as it shows a file not found exception. Can anyone help me to resolve this?
Log Entry Detail
Details
Timestamp: Mar 22, 2007 19:20:51.435
Log Level: SEVERE
Logger: javax.enterprise.system.container.web
Name-Value Pairs: _ThreadID=12;
Record Number: 544
Message ID: WebModule[/amserver]Exception starting filter amSetupFilter java.lang.ClassNotFoundException
Complete Message
com.sun.identity.setup.AMSetupFilter
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1447)
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1228)
    at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:215)
    at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef(ApplicationFilterConfig.java:312)
    at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:83)
    at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:3881)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4531)
    at com.sun.enterprise.web.WebModule.start(WebModule.java:241)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:827)
    at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:125)
    at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:147)
    at java.security.AccessController.doPrivileged(Native Method)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:809)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:632)
    at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1254)
    at com.sun.enterprise.web.HttpServiceWebContainer.loadWebModule(HttpServiceWebContainer.java:821)
    at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:987)
    at com.sun.enterprise.server.WebModuleDeployEventListener.moduleDeployed(WebModuleDeployEventListener.java:160)
    at com.sun.enterprise.server.WebModuleDeployEventListener.moduleDeployed(WebModuleDeployEventListener.java:238)
    at com.sun.enterprise.admin.event.AdminEventMulticaster.invokeModuleDeployEventListener(AdminEventMulticaster.java:918)
    at com.sun.enterprise.admin.event.AdminEventMulticaster.handleModuleDeployEvent(AdminEventMulticaster.java:905)
    at com.sun.enterprise.admin.event.AdminEventMulticaster.processEvent(AdminEventMulticaster.java:427)
    at com.sun.enterprise.admin.event.AdminEventMulticaster.multicastEvent(AdminEventMulticaster.java:139)
    at com.sun.enterprise.ee.admin.mbeans.ServerRuntimeMBean.forwardEvent(ServerRuntimeMBean.java:64)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at com.sun.enterprise.admin.MBeanHelper.invokeOperationInBean(MBeanHelper.java:308)
    at com.sun.enterprise.admin.runtime.BaseRuntimeMBean.invoke(BaseRuntimeMBean.java:389)
    at com.sun.jmx.mbeanserver.DynamicMetaDataImpl.invoke(DynamicMetaDataImpl.java:213)
    at com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
    at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1408)
    at javax.management.remote.rmi.RMIConnectionImpl.access$100(RMIConnectionImpl.java:81)
    at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1245)
    at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1341)
    at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:782)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
    at sun.rmi.transport.Transport$1.run(Transport.java:153)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
    at java.lang.Thread.run(Thread.java:595)
